[Pkg-openssl-devel] Bug#941987: Bug#941987: libssl1.1: Ciphers AES-*-CBC-HMAC-* are missing in libssl 1.1.1d, but available in 1.1.1c
Ondřej Surý
ondrej at sury.org
Tue Oct 8 22:44:34 BST 2019
Yes, I can confirm it fixes the PHP case:
# php -r 'var_dump(openssl_get_cipher_methods());' | grep 'aes-.*-hmac'
string(21) "aes-128-cbc-hmac-sha1"
string(23) "aes-128-cbc-hmac-sha256"
string(21) "aes-256-cbc-hmac-sha1"
string(23) "aes-256-cbc-hmac-sha256”
Ondrej
--
Ondřej Surý
ondrej at sury.org
> On 8 Oct 2019, at 22:58, Ondřej Surý <ondrej at sury.org> wrote:
>
> I issued a rebuild in the PPA (https://launchpad.net/~ondrej/+archive/ubuntu/php/) and in the DPA (https://packages.sury.org/php/) with the mentioned patch.
>
> For Debian, the machine is kind of stuck building arm* builds in qemu, so it might take a longer, but the PPAs should be built under an hour, so I’ll let you know.
>
> Thanks for pointing to the right direction.
>
> Ondrej
> --
> Ondřej Surý
> ondrej at sury.org
>
>> On 8 Oct 2019, at 22:51, Kurt Roeckx <kurt at roeckx.be> wrote:
>>
>> On Tue, Oct 08, 2019 at 10:15:33PM +0200, Ondřej Surý wrote:
>>> The one package particularly hit by this is PHP.
>>>
>>> The openssl_get_cipher_methods() function does list the hmac variants with 1.1.1c, but it doesn’t with 1.1.1d, so there’s definitely a regression somewhere.
>>
>> Is this something that's fixed by
>> https://github.com/openssl/openssl/pull/10074?
>>
>>
>> Kurt
>>
>
More information about the Pkg-openssl-devel
mailing list